Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
node-defacto
Advanced tools
Readme
node-defacto
discovers your de facto API contract, represented as an OpenAPI/Swagger
specification. As the API provider testing your own service, defacto
in conjunction
with a swagger-diff
tool allows you to make two types of assertions:
As the API consumer testing your application against a stub, defacto
and
swagger-diff
allow you to verify that the spec you're writing tests against is
compatible with the spec given by the API provider.
node-defacto
needs to be initialized before any tests are run. In mocha, you can
use a root-level before hook to do the trick.
This might be the initialization function for mountebank:
// Outside of any describe block
before(function () {
require('node-defacto').capture({
title: 'mountebank',
version: '1',
baseURL: 'http://localhost:2525/',
paths: ['/', '/imposters', '/imposters/{port}', '/config', '/logs'],
filename: 'test-swagger.json'
});
});
Then execute your service test suite against your API. node-defacto
doesn't work
with your unit tests. It can only capture the test contract expectations for those
tests that use node's http
module to call your API over the wire. In the example
above, all test traffic sent to http://localhost:2525/ is analyzed, which represents
the host
and basePath
elements at the root of the OpenAPI specification.
The complete OpenAPI specification that the tests expect is captured in
test-swagger.json
, which can be diffed to the actual spec for the assertions.
There are two diffing tools I'm aware of and evaluating:
node-defacto
wraps the http
module, capturing all client requests and responses
that match the host
and basePath
given in the first parameter to the capture
function. Each time a new OpenAPI path
and operation
is detected, it is added
to the spec. Each time defacto
detects a new input parameter
, it adds it to the
spec. Each time a new response
is detected, it is added to the spec. Every request
and response JSON body is captured, and all fields and types are added to the spec.
node-defacto
assumes JSON.node-defacto
is not written in ES6 because it needs to support the oldest
supported version of node (4.0), which does not fully support ES6.
./build
should run the build, or (assuming you've previously run an npm install
and
an npm install -g grunt-cli
), grunt
will do the same.
FAQs
Captures the de facto API spec that your tests understand
The npm package node-defacto receives a total of 0 weekly downloads. As such, node-defacto popularity was classified as not popular.
We found that node-defacto demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.